The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015; all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
References
| Link | Resource |
|---|---|
| https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940 | Vendor Advisory |
| https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949 | Vendor Advisory |
| https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494 | Patch, Vendor Advisory |
| https://hackerone.com/reports/73480 | Issue Tracking, Third Party Advisory |
| https://www.exploit-db.com/exploits/39701/ | Exploit, Third Party Advisory, VDB Entry |
| https://www.exploit-db.com/exploits/39853/ | Exploit, Third Party Advisory, VDB Entry |
| https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-05T21:00:00
Updated: 2018-09-05T20:57:01
Reserved: 2018-09-04T00:00:00
Link: CVE-2015-9266
NVD Information
Status: Modified
Published: 2018-09-05T20:29:00.253
Modified: 2021-08-12T16:43:11.130
Link: CVE-2015-9266
Redhat Information
No data.
CWE